The audio doorbell of Amazon shows who’s at the doorway. The username and password could have been seen by anyone on their open network for months.
People buy video doorbells from RIng to give their homes a sense of security, but a code bug left the safety of their network wide open, researchers said. According to cybersecurity firm Bitdefender, the bug, revealed Thursday, would have enabled potential attackers to access the Wi-Fi username and password of a Ring holder.
The security company first told Ring’s parent company about the problem in June, and in a September automatic update issued a patch for the bug, the researchers said.
Ring is an Amazon-owned electronic doorbell firm which acquired it in February 2018 for $839 million. It has collaborated with at least 587 police departments across the country, providing access to an impromptu surveillance network in residential neighbourhoods for law enforcement.
Privacy advocates raised concerns over Ring’s close ties to police, raising issues related to civilian-backed monitoring, along with alleged attacks on internet-connected devices.
“Consumer confidence is important to us and we take our app security seriously. We’ve carried out an automated security update that addresses the issue, and it’s been fixed since then,” Ring said in a statement.
The flaw arises in the interactions of the video doorbell with the Ring device. The software will transmit the login information of your Wi-Fi network to the doorbell when you first set up your Ring phone.
Such sensitive information had been sent over an unencrypted network, which implied that anyone who used the network could have seen your Wi-Fi username and password. To carry out this threat, the suspected attacker would need to be inside the Wi-Fi network.
